phpIPAM 1.7.4 - Second Order SQL Injection via subnetOrdering
Second Order SQL Injection in phpIPAM 1.7.4 (CVE-2026-4189) Back in 2022, I found a SQL injection in phpIPAM 1.4.4 (CVE-2022-23046) via the BGP …
Exploit Path Traversal and XSS in NASA Subdomains In this post, I’ll share my journey of discovering two vulnerabilities on NASA subdomains (Just 4 …
In this blog post, we will explore a specific template injection vulnerability discovered in a CTF (Capture The Flag) challenge from kitctf. We will …
TL;DR This write-up is about a SQL injection which I found 4 days after another researcher reported it :/. However, because of the fact that I haven’t …
This write-up explains how I solved the challenge proposed by CakeCTF2022. The challenge was to get the flag in a binary made with the Nim …
Hi everyone, in this blog I’m going to explain a little bit of my journey to solve an iOS challenge proposed by @as0ler. The challenge can be …